CVE-2025-59580

GoodLayers · GoodLayers Multiple Products

Executive summary

A high-severity vulnerability has been identified in multiple GoodLayers products, allowing a low-privileged user to gain full administrative control over an affected website. Successful exploitation could lead to a complete compromise of the site, resulting in data theft, website defacement, or the distribution of malware. Immediate patching and a review of user permissions are required to mitigate this critical risk.

Vulnerability

The vulnerability is an Incorrect Privilege Assignment flaw within the 'goodlayers-core' component used by multiple GoodLayers themes and plugins. A function responsible for managing user roles fails to properly validate whether the user initiating a change has the authority to do so. An authenticated attacker with a low-level role, such as 'subscriber', can craft a malicious request to this vulnerable function to assign themselves a higher-privilege role, such as 'administrator', thereby gaining complete control over the website.
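The flaw class described above is easiest to see in code. The following is an added illustration written for this page, not the goodlayers-core source: a hypothetical admin-ajax handler that changes a user's role, first in the shape an Incorrect Privilege Assignment bug takes (the only gate is "a user is logged in"), then with the checks a WordPress handler needs. The action names, parameter names and function names are assumptions; the WordPress APIs used (check_ajax_referer, current_user_can, get_editable_roles, WP_User::set_role) are core functions.

```php
<?php
/**
 * Added example (not goodlayers-core code): a hypothetical AJAX endpoint
 * that assigns a role to a user. Action/parameter/function names are
 * assumptions; the WordPress API calls are real core functions.
 */

// --- Vulnerable pattern ----------------------------------------------------
// wp_ajax_* hooks run only for logged-in users, so the author may have
// assumed that was enough. A 'subscriber' is a logged-in user.
add_action( 'wp_ajax_example_set_role', 'example_set_role_vulnerable' );

function example_set_role_vulnerable() {
    $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $role    = isset( $_POST['role'] ) ? sanitize_key( $_POST['role'] ) : '';

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 404 ); // exits
    }

    // No capability check and no nonce: the caller's own authority is never
    // examined, so any authenticated account can assign any role to any
    // account, including 'administrator' to itself.
    $user->set_role( $role );
    wp_send_json_success();
}

// --- Hardened pattern ------------------------------------------------------
add_action( 'wp_ajax_example_set_role_fixed', 'example_set_role_fixed' );

function example_set_role_fixed() {
    // 1. CSRF: the request must carry a nonce issued for this action.
    check_ajax_referer( 'example_set_role', '_wpnonce' );

    // 2. Authorization of the CALLER: role changes are governed by the
    //    'promote_users' capability, which subscribers do not hold.
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $user_id = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0;
    $role    = isset( $_POST['role'] ) ? sanitize_key( $_POST['role'] ) : '';

    // 3. Allow-list the role: get_editable_roles() (wp-admin, available in
    //    admin-ajax requests) returns only roles the caller may grant.
    $editable = get_editable_roles();
    if ( '' === $role || ! isset( $editable[ $role ] ) ) {
        wp_send_json_error( 'role not assignable', 400 );
    }

    // 4. Authorization for the TARGET: the caller must be allowed to edit
    //    that specific account (meta capability 'edit_user').
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'cannot edit target user', 403 );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 404 );
    }

    $user->set_role( $role );
    wp_send_json_success();
}
```

The point of the hardened version is that authorization is evaluated against the user making the request (steps 2 and 4), not against the user being modified or against mere login state; the nonce (step 1) and the role allow-list (step 3) close the adjacent CSRF and arbitrary-role gaps that usually accompany this bug class.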

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. A successful exploit would grant an attacker full administrative control over the affected website. This could lead to severe business impacts, including the theft of sensitive customer or corporate data, website defacement causing reputational damage, disruption of business operations, and financial loss. Furthermore, the compromised website could be used as a platform to launch further attacks against customers or the internal network.

Remediation

Immediate Action: Organizations must immediately update the 'goodlayers-core' plugin and any affected GoodLayers themes to the latest patched versions provided by the vendor. Following the update, a comprehensive audit of all user accounts and their assigned permissions should be conducted to identify and revert any unauthorized privilege changes.

Proactive Monitoring: Continuously monitor web server and application logs for signs of exploitation. Specifically, look for unusual or unauthorized changes to user roles, the creation of new administrative accounts, and suspicious POST requests to administrative functions from unexpected user accounts or IP addresses. Implement alerts for any user privilege escalation events.
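The monitoring step above can be implemented inside WordPress itself rather than only from web server logs, which do not show which role a request came from. The following must-use plugin is an added example written for this page (not vendor code): it hooks the core actions WordPress fires on every role assignment, writes a structured log line for each change, and raises an alert when a sensitive role is granted by a non-administrator or to the actor's own account, which is exactly the pattern the vulnerability described above produces. The hook names and their argument lists are WordPress core; the constant, function names, log prefix and alert destination are assumptions.

```php
<?php
/**
 * Plugin Name: Role Change Monitor (added example, not vendor code)
 *
 * Save as wp-content/mu-plugins/role-change-monitor.php so it loads before
 * any theme or plugin. Hooks 'set_user_role' (fired by WP_User::set_role)
 * and 'add_user_role' (fired by WP_User::add_role). Names below other than
 * the core hooks and API calls are assumptions.
 */

// Roles whose assignment should alert, not just log (assumed policy).
const RCM_SENSITIVE_ROLES = array( 'administrator', 'editor' );

/**
 * Build one structured record describing a role change: who did it,
 * to whom, from where. Returned as an array so it can go to the PHP
 * error log, a SIEM forwarder, or any other sink.
 */
function rcm_build_record( $user_id, $new_role, $old_roles ) {
    $actor = wp_get_current_user(); // ID is 0 for cron / WP-CLI contexts
    return array(
        'time'        => gmdate( 'c' ),
        'event'       => 'role_change',
        'target_id'   => (int) $user_id,
        'target'      => (string) get_the_author_meta( 'user_login', $user_id ),
        'new_role'    => (string) $new_role,
        'old_roles'   => array_values( (array) $old_roles ),
        'actor_id'    => (int) $actor->ID,
        'actor'       => (string) $actor->user_login,
        'actor_ip'    => isset( $_SERVER['REMOTE_ADDR'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '',
        'request'     => isset( $_SERVER['REQUEST_URI'] )
            ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '',
        'self_change' => (int) $actor->ID === (int) $user_id,
    );
}

/**
 * A record is an escalation worth paging on when a sensitive role is
 * granted either to the actor's own account or by an actor who does not
 * hold 'promote_users' (the capability that legitimately governs this).
 */
function rcm_is_escalation( array $rec ) {
    if ( ! in_array( $rec['new_role'], RCM_SENSITIVE_ROLES, true ) ) {
        return false;
    }
    $actor_may_promote = $rec['actor_id'] > 0
        && user_can( $rec['actor_id'], 'promote_users' );
    return $rec['self_change'] || ! $actor_may_promote;
}

/**
 * Hook callback. Third argument is only supplied by 'set_user_role'.
 */
function rcm_on_role_change( $user_id, $role, $old_roles = array() ) {
    $rec  = rcm_build_record( $user_id, $role, $old_roles );
    $line = 'rcm ' . wp_json_encode( $rec );

    error_log( $line ); // PHP error log, or wp-content/debug.log with WP_DEBUG_LOG

    if ( rcm_is_escalation( $rec ) ) {
        wp_mail(
            get_option( 'admin_email' ),
            'ALERT: privilege escalation on ' . home_url(),
            $line
        );
    }
}

add_action( 'set_user_role', 'rcm_on_role_change', 10, 3 );
add_action( 'add_user_role', 'rcm_on_role_change', 10, 2 );
```

Because the hooks fire inside WordPress regardless of which plugin or theme performed the change, this catches role changes made through any code path, including one a patched plugin no longer exposes. For the one-time audit recommended under Remediation, the same data can be pulled with WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_registered`) and compared against the expected set of administrators.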

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Deploy a Web Application Firewall (WAF) with rules specifically designed to block attempts to exploit this privilege escalation vector. Additionally, consider temporarily disabling new user registration and restricting administrative panel access to a whitelist of trusted IP addresses.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.8 and the critical impact of a successful exploit (full site compromise), this vulnerability requires immediate attention. We strongly recommend that all organizations using GoodLayers products apply the vendor-supplied patches without delay. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, the risk of active exploitation is high. Prioritize patching and conduct a thorough review of user permissions to mitigate this significant threat to your web assets.